
Contents

1. Purpose                          2
2. Scope                            2
3. Policy Framework                 2
4. Risk Appetite                    2
5. Policy Statement                 2
6. Roles and Responsibilities       3
7. Document Review                  4
8. Related Documents                4
9. Document Version History         4

1. Purpose

This policy sets out how the regulatory requirements for data retention apply to our business.

2. Scope

This policy applies to all employees, contractors, volunteers, visitors, and other workers.

3. Policy Framework

This policy forms part of a set of policies designed to manage business risk and should be
read in conjunction with the other relevant policies in the framework (listed under Related Documents below).

4. Risk Appetite

4.1. We have no appetite for non-compliance, nor for significant customer detriment caused
by non-compliant processing of personal data.

5. Policy Statement

5.1. This policy relates to all types of data and ensures that all data which must be
retained are appropriately stored, managed and, at the end of the retention period, destroyed.

5.2. The Data Protection Officer (DPO) is responsible for data storage and subsequent
destruction under agreed procedures.

5.3. Department heads are responsible for the records relating to their departments, so that:

5.3.1. The Company Secretary is responsible for retention of all non-specific
statutory and regulatory records.
5.3.2. The Finance Director (CFO) is responsible for retention of financial and
related records.
5.3.3. The Health and Safety Officer is responsible for retention of all Health and
Safety records.
5.3.4. The Head of HR is responsible for retention of all HR records.
5.3.5. All managers involved in succession planning, disaster recovery planning
and business continuity planning will address retained data (and the means of accessing it) in their plans.
5.4. For each class of record the DPO will identify and document: the retention period, and/or the
criteria used to determine it; the type of data involved; the details and operation of the
retention medium; and the justification for retention. The DPO will also identify and record
the disposal method to be used when the retention period ends.

5.5. Each stored data asset will be marked by the assigned person with:
5.5.1. the name of the record;
5.5.2. the record type;
5.5.3. the original owner of the data;
5.5.4. the identified retention period;
5.5.5. the planned date of destruction;
5.5.6. any special handling information, such as the encryption applied to the record and where the keys needed to read it are held.

5.6. The DPO will ensure that the following are retained alongside the data itself:
5.6.1. the cryptographic keys, and any other means of access, required to read retained data,
for as long as that data is retained (encrypted records whose keys have been destroyed are no
longer retrievable, so key destruction must only take place as a recorded disposal step);
5.6.2. a risk assessment confirming that retained data will not remain on storage media beyond 90% of the
manufacturer's recommended storage life, so that data is migrated before the media degrades;
5.6.3. logs of the data disposed of, kept as part of the general disposal records.
5.7. The DPO will establish a procedure for dealing with Freedom of Information requests,
including how access is authorised and how data are protected from loss, destruction
or falsification while the request is being handled.

6. Roles and Responsibilities

6.1. The first line of defence (everyone) is responsible for:

• Ensuring their day-to-day business activity complies with all relevant regulations.
• Ensuring their business area is compliant with this Policy.
• Reporting any actual or suspected breaches.

6.2. The second line of defence (management) is responsible for:

• Oversight of policy implementation.
• Acting as an independent, effective challenger of the first line.

6.3. The third line of defence (Directors, owners, external advisors or the risk team) is
responsible for:

• Providing assurance that the Policy meets all regulatory requirements and that the
policy is being complied with effectively.
• Reviewing and approving this policy.
• Developing and supplying training on this policy, together with associated standards,
tools, methodologies and programmes.
• Supplying advice and guidance to staff implementing the policy.

6.4. The Board of Directors is responsible for:

• Approval of this policy.

7. Document Review

This document will be reviewed at least annually, or as and when needed if major
changes take place in the business structure, responsibilities or regulatory framework.

8. Related Documents

• Data Protection Policy
• Information Security Policy
• Third Party Management Policy
• Business Continuity Policy

9. Document Version History

Date      Author         Version   Notes
11-11-23  Pritam Bajpai  V1
